Topic Last Modified: 2007-03-14

The Microsoft Exchange Analyzer tool includes a performance data collection engine that is used to query performance counter objects on computers that are running Exchange 2000 Server or Exchange Server 2003. The performance data collection engine collects data from the LDAP Search Time performance counter of the MSExchangeDSAccess Process performance object to analyze performance data.

The LDAP Search Time performance counter shows the time in milliseconds that it takes a Lightweight Directory Access Protocol (LDAP) search request to be fulfilled. The Exchange Analyzer retrieves a sample every 5 seconds for 5 minutes. The Exchange Analyzer then reports the maximum value for the performance counter during the collection interval. If the maximum value exceeds 100 milliseconds, the Exchange Analyzer displays an error.

High LDAP search latencies can be caused by high remote procedure call (RPC) latencies and by increasing queues. High LDAP search latencies generally indicate one of the following problems:

LDAP latencies are generally higher when users connect to domain controllers that are located in different physical sites. However, the recommended maximum latencies stated in this article should generally be followed.

Exchange servers will query out-of-domain global catalog servers every 15 minutes for to keep an up-to-date list of global catalog servers and domain controllers. Because some of these directory servers may be remote, the latencies on these queries may be high. This is acceptable, as long as the requests are infrequent, that is, the rate is less than 0.5 requests a second.

If the domain controller that has logged this error is located in a different physical site, you may be able to safely ignore this error if you can determine that the domain controller that reports this error is not used by the Exchange server. One way to determine whether a domain controller is used by Exchange is to increase diagnostic logging for the Topology component of the MSExchangeDSAccess service to Minimum. If you do not see MSExchangeDSAccess event ID event 2080, you can safely ignore this error.

For mixed mode environments only, behavior was introduced around the Exchange 2000 SP2 timeframe for certain specific security-related user attributes like tokenGroups and tokengroupsGlobalandUniversal. These were used to determine what security groups a user is a member of and therefore what permissions he or she has to secure resources such as public folders that requires the Exchange server to query a domain controller that is authoritative for the user’s home domain. The authoritative domain controller may be in a remote site and queries from a large number of remote homed domain users accessing local public folders could contribute to high RPC latencies.

For more information about this behavior, see the following Exchange Server blog article:

To resolve this error, do the following: